AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions and listings of claims in the application:

Claim 1 (Currently amended): A method for providing security, comprising: 

separating a plurality of classes of application code into at least a first trusted class and an 
untrusted class; 

associating privilege information with the first trusted class, the privilege information
including a privilege value based, at least in part, on the untrusted class; and

controlling access to the first trusted class by the untrusted class or a second trusted class 
based upon the privilege information associated with the first trusted class. 

Claim 2 (Original): The method of claim 1 further comprising: 

granting the untrusted class or the second trusted class a privilege related to the first 
trusted class based upon a permissive attribute of the privilege information; and 
wherein the step of controlling access depends upon the privilege. 

Claim 3 (Original): The method of claim 1 further comprising: 

refusing to grant the untrusted class or second trusted class a privilege related to the first
trusted class based upon a permissive attribute of the privilege information; and
wherein controlling access depends upon the privilege. 

Claim 4 (Original): The method of claim 2, wherein controlling access further comprises: 

determining if the privilege allows the untrusted class or second trusted class to interact
with the first trusted class in a predefined manner; and
permitting the access to the first trusted class in the predefined manner if the privilege
permits the access.

Claim 5 (Original): The method of claim 4 further comprising denying the access to the first 
trusted class in the predefined manner if the access to the first trusted class in the 
predefined manner is contrary to the privilege. 

Claim 6 (Original): The method of claim 5, wherein the privilege allows at least one of the
group of creating a subclass of the first trusted class, creating a new instance of the first
trusted class, allowing the untrusted class or second trusted class to invoke a method of 
the first trusted class, and allowing the untrusted class or second trusted class access to 
trusted data of the first trusted class. 

Claim 7 (Original): The method of claim 1, wherein the step of separating the classes further 
comprises associating a package with the first trusted class. 

Claim 8 (Original): The method of claim 7, wherein associating the package further comprises 
encapsulating the first trusted class within the package. 

Claim 9 (Original): The method of claim 7, wherein the package further comprises: 
a key; 

a package name incorporating the key; 
the privilege information; and 
the first trusted class. 

Claim 10 (Original): The method of claim 1, wherein the step of separating the classes further 
comprises allocating a separate memory space for the first trusted class and the untrusted 
class. 

Claim 11 (Original): The method of claim 1, wherein the privilege information further 
comprises a plurality of permissive attributes. 

Claim 12 (Original): The method of claim 11, wherein the permissive attributes comprises at 
least one of the group of a subclass attribute, a new instance attribute, a method 
invocation attribute, and a trusted data access attribute. 

Claim 13 (Original): A method of claim 11 further comprising setting the permissive attribute to
indicate a privilege grant to the untrusted class or second trusted class. 

Claim 14 (Original): The method of claim 11, wherein a default for the permissive attribute 
indicates no privilege grant to the untrusted class or second trusted class. 

Claim 15 (Original): The method of claim 1, wherein controlling access to the first trusted class 
further comprises: 

detecting when a request for a trusted class operation is made by the untrusted class or
second trusted class;
determining that the trusted class operation is authorized based on the privilege
information associated with the first trusted class; and
allowing access to the first trusted class according to the trusted class operation. 

Claim 16 (Original): The method of claim 15, wherein the trusted class operation is at least one 
of a group of operations comprising a subclass operation, a new instance creation, a 
method call operation, and a trusted data access operation. 

Claim 17 (Original): A method of claim 15, wherein the step of determining further comprises 
determining that the trusted class operation is authorized based on the setting for at least 
one permissive attribute within the privilege information. 

Claim 18 (Currently amended): A secure virtual machine instruction processor comprising: 
a first memory space for storing an untrusted class of application code; 
a second memory space for storing a first trusted class of application code; 
a privilege manager for managing privilege information associated with the first trusted
class, the privilege information including a privilege value based, at least in part,
on the untrusted class; and
a controller for controlling access to the first trusted class during a trusted class operation,
wherein the controller is operative to receive a request for the trusted class 
operation from the untrusted class or a second trusted class and grant access to the 
first trusted class based on at least one permissive attribute within the privilege 
information for the first trusted class. 

Claim 19 (Original): A processor of claim 18, wherein the request received by the controller is 
one of the group of a subclass attribute, a new instance attribute, a method invocation 
attribute, and a trusted data access attribute. 

Claim 20 (Original): A processor of claim 18, wherein the controller is further operative to
permit access to the first trusted class in a predefined manner if the privilege permits the
access. 

Claim 21 (Original): A processor of claim 18, wherein the controller is further operative to deny 
access to the first trusted class in a predefined manner if the privilege is contrary to the 
privilege. 

Claim 22 (Original): A processor of claim 18, wherein the first trusted class of the second 
memory space is associated with a package. 

Claim 23 (Original): A processor of claim 22, wherein associating the package further 
comprises encapsulating the first trusted class within the package. 

Claim 24 (Original): A processor of claim 22, wherein the package further comprises: 
a key; 

a package name incorporating the key; 
the privilege information; and 
the first trusted class. 

Claim 25 (Currently amended): A computer-readable medium on which is stored instructions,
which when executed perform steps in a method for providing a secure virtual machine, 
the steps comprising: 

separating a plurality of classes of application code into at least a first trusted class and an 
untrusted class; 

associating privilege information with the first trusted class, the privilege information
including a privilege value based, at least in part, on the untrusted class; and

controlling access to the first trusted class by the untrusted class or a second trusted class 
based upon the privilege information associated with the first trusted class. 

Claim 26 (Original): The computer-readable medium of claim 25 further comprising: 

refusing to grant the untrusted class or second trusted class a privilege related to the 
first trusted class based upon a permissive attribute of the privilege information; and 
wherein the step of controlling access depends upon the privilege. 

Claim 27 (Original): The computer-readable medium of claim 25 further comprising: 

granting the untrusted class or second trusted class a privilege related to the first 
trusted class based upon a permissive attribute of the privilege information; and 
wherein the step of controlling access depends upon the privilege. 

Claim 28 (Original): The computer-readable medium of claim 25 further comprising denying 
the access to the first trusted class in the predefined manner if the access to the first 
trusted class in the predefined manner is contrary to the privilege information. 

Claim 29 (Original): The computer-readable medium of claim 28 wherein the privilege
information allows at least one of the group of creating a subclass of the first trusted
class, creating a new instance of the first trusted class, allowing the untrusted class or 
second trusted class to invoke a method of the first trusted class, and allowing the 
untrusted class or second trusted class access to trusted data of the first trusted class. 






